Analysis

  • max time kernel
    120s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/07/2024, 02:25

General

  • Target

    811fc88e7ef5817f42efcb0f27431a10N.exe

  • Size

    3.1MB

  • MD5

    811fc88e7ef5817f42efcb0f27431a10

  • SHA1

    d460cafd428643637275b76a5984adb8e8ca5689

  • SHA256

    fa394392e03984e884859ff2783f41c316fe8122df6e0441268bc68b6b1c94b0

  • SHA512

    723edc64c2b1570953f5c4db828371d8079563b5795db69bff902a7e9272f1ef74529204ea40273898382865fa5a8a5d53b9333d991377c61756163804dad556

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBE9w4Su+LNfej:+R0pI/IQlUoMPdmpSpO4JkNfej

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\811fc88e7ef5817f42efcb0f27431a10N.exe
    "C:\Users\Admin\AppData\Local\Temp\811fc88e7ef5817f42efcb0f27431a10N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\IntelprocOB\aoptisys.exe
      C:\IntelprocOB\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1568

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\IntelprocOB\aoptisys.exe

    Filesize

    3.1MB

    MD5

    e8394a925e3d8a6c8ac85937f83842e3

    SHA1

    ddd033622ecf30489744520bab582b09c222f7c2

    SHA256

    cc8db8881618f437f29a80ef6cf7d63a458ed307b401a830776f774d319bd29b

    SHA512

    20b83699b8d770e7c9e237542ebc0d7fda5e57dc74a99ddf1a6c3d6a55cd07b9f7ccf57b20ba3c68cfe23b267cf47758b2dcc38d6f9f07079daa09cda764c755

  • C:\KaVBJZ\optialoc.exe

    Filesize

    3.1MB

    MD5

    e0ce5907033ff12fa5fa2ee0c11c171a

    SHA1

    13abd1978fd4c6bd93adbd24362a39d34c78613e

    SHA256

    89b15b268845a4d94848fa2e7dc151157bdc82496567e9c41212f49e28c1f8ca

    SHA512

    a9015864cf7405569d9e76d682bc35395730301746d1549f60b88b249e185bba746353980f45cd54594c425cf86b4d2110f4e38c2590c25dca1e4444096ac4b1

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    206B

    MD5

    e81596003535366dfa090c1222e58bcb

    SHA1

    e117e2532f7cc301af685ca0365110be30c5c124

    SHA256

    4407fd4f86d232eed67b37e821319594da8b52002d208435fa555166c2ae76e5

    SHA512

    ae1f8bd95e227a9cdd61718f83cc75f616abd99a164dfbc7684fe79447dede668de889f82d03b67f85147317dee053b299f92af99637e22b05a58b4fe959773a